Jump to: navigation, search

Difference between revisions of "HowTo:Install UBIK Client Certificate"


m (Automatic Import)
 
(21 intermediate revisions by 2 users not shown)
Line 1: Line 1:
This how-to describes how to set up a client certificate to enable a secure channel to the [[Web_Service|web service]].
+
Setting up a client certificate for using a secure channel to the [[Web_Service|web service]].
  
 
= Android =
 
= Android =
  
== Manual installation ==
+
=== Manual installation ===
 
+
One can add server certificates to the {{UBIK Android}} application in addition to the pre-installed certificates, using a button in the ''Info'' menu. {{Version/AndroidSince|2.3.1}}
One can add server certificates to the {{UBIK Android}} application ({{Version/AndroidSince|2.3.1}}) in addition to the pre-installed certificates, using a button in the '''Info Activity'''.
+
  
 
# Copy the certificate to your device's SD card where you can find it easily.  
 
# Copy the certificate to your device's SD card where you can find it easily.  
Line 11: Line 10:
 
# Press the ''Home'' button in the ''Action Bar''.
 
# Press the ''Home'' button in the ''Action Bar''.
 
# Press the ''Info'' button in the drop-down menu.
 
# Press the ''Info'' button in the drop-down menu.
# In the Info Activity, press the ''Install Certificate'' button.
+
# On the Info screen, press the ''Install Certificate'' button.
 
# Select a file browser in order to select the certificate file.
 
# Select a file browser in order to select the certificate file.
 
# Choose the certificate file you earlier copied to the device's SD card.
 
# Choose the certificate file you earlier copied to the device's SD card.
  
If the adding was successful, a toast message confirming the installation will appear. Else, the Toast's text will indicate an error.
+
If the adding was successful, a toast message confirming the installation will appear. Else, the toast's text will indicate an error.
  
 
The certificate will be stored in a '''BouncyCastle''' keystore on the device's file system (path: ''SD-Card/UBIK/Certificates'').
 
The certificate will be stored in a '''BouncyCastle''' keystore on the device's file system (path: ''SD-Card/UBIK/Certificates'').
Line 22: Line 21:
 
{{Attention|A file browser app has to be installed on your device in order to select the certificate file from the SD-card.}}
 
{{Attention|A file browser app has to be installed on your device in order to select the certificate file from the SD-card.}}
  
== Automatic Import ==
+
=== Automatic Import ===
 
+
One can place certificate files in a predefined folder in order for them to be imported automatically when the app starts up the next time. {{Version/AndroidSince|2.5.1}}
One can place certificate files in a predefined folder in order for them to be imported automatically when the app ({{Version/AndroidSince|2.5.1}}) starts up the next time.
+
The folder depends on the app:
+
  
 +
The folder depends on the application:
 
<pre>
 
<pre>
 
<sd-card>/Android/data/com.augmensys.ubik.<custom_app>/files/cert
 
<sd-card>/Android/data/com.augmensys.ubik.<custom_app>/files/cert
 
</pre>
 
</pre>
  
== Certificate list ==
+
 
In the Info activity ({{Version/AndroidSince|2.5.1}}), there is a button labelled "Show certificates" that opens a list of all installed certificates, displaying their subject and expiry date.
+
=== Certificate list ===
 +
[[File:UBIK_Android_UI_Info_Activity_Certificate_List.png|400 px|thumb|border|alt=Certificate List|Certificate List]]
 +
 
 +
In the Info screen, there is a button {{key press|Show certificates}} that opens a list of all installed certificates, displaying their subject and expiry date. {{Version/AndroidSince|2.5.1}}
  
 
{{Attention|The certificate has to be provided as a X.509 DER encoded file, e.g. *.cer}}
 
{{Attention|The certificate has to be provided as a X.509 DER encoded file, e.g. *.cer}}
 
{{Hint|The certificate will remain on the device even if the application is reinstalled.}}
 
{{Hint|The certificate will remain on the device even if the application is reinstalled.}}
  
= Windows =  
+
{{Clear}}
 +
 
 +
= WinX / Web =  
 +
The clients, either WinX or Web, need to have a certificate installed if the connection to the web service should use secure communication (HTTPS). This certificate can either be a root authority certificate, a self-signed or any other public key certificate from a certificate authority enabling a secured connection between the web service and the clients.
 +
 
 +
If you already have a public key certificate available you can use this on the clients and web service. Otherwise you can create a certificate as described in [[HowTo:Create_UBIK_Web_Service_Certificates]].
 +
 
 +
As the {{UBIK Web}} client connects to the content server similar as any mobile client it needs also to be authorized using a certificate. Hence, whatever machine hosts the {{UBIK Web}} client application needs to have the certificate installed.
 +
 
 
=== Install Root Authority Certificate ===
 
=== Install Root Authority Certificate ===
If the client connects to a webservice, it needs to check if the connection can be established by fullfilling a root authority certification. Therefore the certificate of the root authority has to be installed.
+
To import the certificate, start the certificate manager by entering ''Manage computer certificates'' in the Windows Start Screen (alternatively, start the program ''certmgr''):
 
+
To import the certificate, start the certificate manager by entering ''Manage computer certificates'' in the Windows 8 Start Screen (alternatively, start the program ''certmgr''):
+
 
# Go to section ''Trusted Root Certification Authorities'' and open the context menu.
 
# Go to section ''Trusted Root Certification Authorities'' and open the context menu.
 
# Click on ''All Tasks''
 
# Click on ''All Tasks''
Line 51: Line 58:
 
* [[Web_Service_Configuration|Web Service Configuration]]
 
* [[Web_Service_Configuration|Web Service Configuration]]
  
 +
{{Category/Version|2.5.1}}
  
 
+
[[Category:2.5.1|Install UBIK Client Certificate]]
 
+
 
+
{{Category/Version|2.3.1}}
+
 
+
 
[[Category:Android|Install UBIK Client Certificate]]
 
[[Category:Android|Install UBIK Client Certificate]]
 
[[Category:How-To|Install UBIK Client Certificate]]
 
[[Category:How-To|Install UBIK Client Certificate]]
 
[[Category:Installing|Install UBIK Client Certificate]]
 
[[Category:Installing|Install UBIK Client Certificate]]
[[Category:Version 2.3|Install UBIK Client Certificate]]
+
[[Category:WinX|Install UBIK Client Certificate]]
[[Category:Windows|Install UBIK Client Certificate]]
+

Latest revision as of 15:02, 2 May 2016

Setting up a client certificate for using a secure channel to the web service.

[edit]

Android

Manual installation

One can add server certificates to the UBIK® Android application in addition to the pre-installed certificates, using a button in the Info menu.

  1. Copy the certificate to your device's SD card where you can find it easily.
  2. Open the UBIK Android application.
  3. Press the Home button in the Action Bar.
  4. Press the Info button in the drop-down menu.
  5. On the Info screen, press the Install Certificate button.
  6. Select a file browser in order to select the certificate file.
  7. Choose the certificate file you earlier copied to the device's SD card.

If the adding was successful, a toast message confirming the installation will appear. Else, the toast's text will indicate an error.

The certificate will be stored in a BouncyCastle keystore on the device's file system (path: SD-Card/UBIK/Certificates). This means you can copy this keystore and reuse it on another device by pasting it there!

IC Attention.pngA file browser app has to be installed on your device in order to select the certificate file from the SD-card.

Automatic Import

One can place certificate files in a predefined folder in order for them to be imported automatically when the app starts up the next time.

The folder depends on the application:

<sd-card>/Android/data/com.augmensys.ubik.<custom_app>/files/cert


Certificate list

Certificate List
Certificate List

In the Info screen, there is a button Show certificates that opens a list of all installed certificates, displaying their subject and expiry date.

IC Attention.pngThe certificate has to be provided as a X.509 DER encoded file, e.g. *.cer
IC Hint square.pngThe certificate will remain on the device even if the application is reinstalled.

WinX / Web

The clients, either WinX or Web, need to have a certificate installed if the connection to the web service should use secure communication (HTTPS). This certificate can either be a root authority certificate, a self-signed or any other public key certificate from a certificate authority enabling a secured connection between the web service and the clients.

If you already have a public key certificate available you can use this on the clients and web service. Otherwise you can create a certificate as described in Create UBIK Web Service Certificates.

As the UBIK® Web client connects to the content server similar as any mobile client it needs also to be authorized using a certificate. Hence, whatever machine hosts the UBIK® Web client application needs to have the certificate installed.

Install Root Authority Certificate

To import the certificate, start the certificate manager by entering Manage computer certificates in the Windows Start Screen (alternatively, start the program certmgr):

  1. Go to section Trusted Root Certification Authorities and open the context menu.
  2. Click on All Tasks
  3. Use Import... to import the Root Certificate provided as *.cer file.
    Windows Certificaties Manager

See also